qifafq.exe

Pidgin Portable

PortableApps.com

The executable qifafq.exe has been detected as malware by 54 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘Qifafq’. This worm can steal user names and passwords by monitoring network communication, block websites, and launch a denial of service (DoS) attack.

Publisher:
PortableApps.com

Product:
Pidgin Portable

Version:
1.6.9.0

MD5:
2bae2008647e280bdf9e957a37f9d63e

SHA-1:
9c8872a4c9170f9f1634b37084a70344adbd2c32

Scanner detections:
54 / 68

Status:
Malware

Analysis date:
4/26/2024 5:01:21 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1158290 | 864 |
| Agnitum Outpost | Backdoor.Androm | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Inject | 14.09.23 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.146.2 |
| avast! | Win32:Crypt-QTC [Trj] | 2014.9-140923 |
| AVG | BackDoor.Generic17 | 2015.0.3342 |
| Baidu Antivirus | Worm.Win32.IRCBot | 4.0.3.14923 |
| Bitdefender | Trojan.GenericKD.1158290 | 1.0.20.1330 |
| Bkav FE | W32.WinatoD.Trojan | 1.3.0.4959 |
| Comodo Security | TrojWare.Win32.Injector.ALON | 18185 |
| Dr.Web | BackDoor.Siggen.54493 | 9.0.1.0266 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1158290 | 8.14.09.23.01 |
| ESET NOD32 | Win32/Dorkbot | 8.9734 |
| Fortinet FortiGate | W32/Injector.AJDD!tr | 9/23/2014 |
| F-Secure | Trojan.GenericKD.1158290 | 11.2014-23-09_3 |
| G Data | Trojan.GenericKD.1158290 | 14.9.24 |
| IKARUS anti.virus | Win32.Crypt | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.176.11907 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3207 |
| Malwarebytes | Trojan.Agent.ED | v2014.09.23.01 |
| McAfee | PWSZbot-FBS!2BAE2008647E | 5600.6998 |
| Microsoft Security Essentials | Worm:Win32/Dorkbot.I | 1.10502 |
| MicroWorld eScan | Trojan.GenericKD.1158290 | 15.0.0.798 |
| NANO AntiVirus | Trojan.Win32.Panda.cqnuiv | 0.28.0.59608 |
| Norman | Gamarue.BBV | 11.20140923 |
| nProtect | Trojan.GenericKD.1158290 | 14.04.28.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.23.01 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Lethic.B5 | 9.14.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1588E5F7!361293303 | 23.00.65.14921 |
| Sophos | Mal/EncPk-AKA | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Malagent | 10342 |
| Trend Micro House Call | TROJ_KRYPTK.SMTO | 7.2.266 |
| Trend Micro | TROJ_GEN.R0CBC0DH613 | 10.465.23 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.Oop | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Ransom.cmc | 28670 |

File size:
140 KB (143,360 bytes)

Product version:
1.6.9.0

Copyright:
John T. Haller

Trademarks:
PortableApps.com is a Trademark of Rare Ideas, LLC.

Original file name:
PidginPortable.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Application data\microsoft\qifafq.exe

File PE Metadata
Compilation timestamp:
8/3/2013 3:28:18 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:JjCM4FOknCfJPu7mXm9ou7AheMvYlq6F7O89AyWB82zQpf17+MaNNQFFax6XG:Jj3wOBXm9FAAMv22pEFhaMvU6XG

Entry address:
0x180E

Entry point:
E8, 6D, 2B, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, B8, C2, 40, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, BC, C2, 40, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, E4, 27, 00, 00, 85, C0, 75, 06, B8, 20, C4, 40, 00, C3, 83, C0, 08, C3, E8, D1, 27, 00, 00, 85, C0, 75, 06, B8, 24, C4, 40, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...

Code size:
28 KB (28,672 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Qifafq

Command:
C:\Documents and Settings\{user}\Application data\microsoft\qifafq.exe

